Ah, I just read the new APAR ERROR DESCRIPTION: CSSMTP should only attempt to secure a connection to a target server if either "Secure" is "Yes" in the TargetServer configuration statement or a SYSOUT spool file contains the "STARTTLS" command. However, APAR PH61015<https://www-50.ibm.com/ibmlink/sis/viewAparDoc.wss?context=aparAndUsage&searchWords=PH66548&documentIds=PH61015&lc=en&cc=US> causes CSSMTP to attempt a TLS handshake anytime the target server sends "STARTTLS" in the EHLO reply even if a secure connection is not requested. The CSSMTP log (with logLevel set to 127 or 255) shows that after the EHLO reply CSSMTP sets the protocol state to ML_PR_StartTLS rather than ML_PR_SendMail. This leads to an SIOCTTLSCTL ioctl() failing with errnojr 77B77317 (JROptNotSupported) because either TTLS is not enabled in the TCPIP stack or there is no TTLSRULE that maps to the TCP connection. The mail fails with an "Undeliverable mail" error report.
Dave Jousma Vice President | Director, Technology Engineering From: IBM Mainframe Discussion List <[email protected]> on behalf of Jousma, David <[email protected]> Date: Thursday, May 15, 2025 at 2:14 PM To: [email protected] <[email protected]> Subject: Re: BEWARE UO02745 Ed, I looked at the original PTF/APAR. What exactly was the issue? Dave Jousma Vice President | Director, Technology Engineering From: IBM Mainframe Discussion List <[email protected]> on behalf of Ed Jaffe <[email protected]> Date: Thursday, May 15, 2025 at 1:39 PM To: [email protected] <[email protected]> Subject: Re: BEWARE UO02745 IBM created APAR PH66548 to solve this issue... On 5/3/2025 8:15 AM, Ed Jaffe wrote: > I don't know how many of you prevent PTFs with ACTION or DOC HOLDs > from being applied until after you read and fully understand them, but > if you're busy and are prone to applying first and reading later, this > post might be for you. > > We applied the subject PTF last week to our "production" z/OS 3.1 > system, and a few days later realized CSSMTP could not send email. At > first we weren't sure why, so we went through our usual diagnostics. > Eventually, we inspected recent maintenance and saw both ACTION and > DOC HOLDs against UO02745 documenting a serious impact to CSSMTP. We > restored the PTF and magically CSSMTP started working again. > > Obviously, we have some deep reading and some configuring to do. In > the meantime, we put a USER HOLD on that PTF to prevent it being > accidentally applied before we're ready... -------------------------------------------------------------------------------- This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
